Monthly Archives: March 2007

Screenshots of ossec wui v0.2

Posted on March 29, 2007 by danielcid

It looks like I did a big mistake by releasing the web ui and not providing any screenshots of it. So, here they are (better later than never). Main page of the UI: Search options: Integrity checking options: If you … Continue reading →

Posted in ossec-ui | 6 Comments

OSSEC WUI version 0.2 is available

Posted on March 28, 2007 by danielcid

We are pleased to announce the release of the first non-BETA version of the OSSEC web interface (v0.2). This version contains the following features and bug fixes: Added real time monitoring to the search page. Added support for paginated search … Continue reading →

Posted in ossec-ui | Leave a comment

Finding ADS on NTFS

Posted on March 25, 2007 by danielcid

ADS (Alternate Data Streams) is a “feature” of the NTFS (file system used on Windows 2000, XP, etc) that permit files to be completely hidden from the system. You can read more about ADS in these two links: windowsecurity.com ADS … Continue reading →

Posted in ossec, rootkit | 1 Comment

OSSEC Web UI v0.2 beta 1 available

Posted on March 21, 2007 by danielcid

The first beta of the ossec wui v0.2 is available for our beta testers. As I mentioned before, the best way to get involved in the project is by helping us testing our beta releases. If you do so, please … Continue reading →

Posted in ossec-ui | Leave a comment

OSSEC in the news

Posted on March 19, 2007 by danielcid

For those that missed it, ossec has gained a lot of attention lately, specially with these articles from Linux World and Network World: OSSEC #1 in Top 5 open source security tools in the enterprise Open source IDS app gets … Continue reading →

Posted in ossec | Leave a comment

New ossec member

Posted on March 15, 2007 by danielcid

I am happy to announce the arrival of a new member to the ossec team. He is only 51cm tall and weights around 3.4kg, but we expect great contributions from him as soon as he can start coding. He has … Continue reading →

Posted in off, ossec | 8 Comments

OSSEC v1.1 available

Posted on March 10, 2007 by danielcid

We are pleased to announce the availability of OSSEC v1.1. This new version comes with numerous new features, including support for Microsoft IIS 6, Cisco VPN concentrator, Cisco PIX VPN AAA, Cisco FWSM and Solaris 10 “su” logs. We also … Continue reading →

Posted in ossec | Leave a comment

OSSEC presentation

Posted on March 8, 2007 by danielcid

Michael Williams sent to us a copy of his excelent presentation about ossec. You can download the swf from here and the .ppt from here.

Posted in ossec | Leave a comment

Rootcheck entry for the “Solaris Worm”

Posted on March 1, 2007 by danielcid

If you are running Solaris 10 and are worried about the possible Solaris Worm, you can add the following 4 lines to the /var/ossec/etc/shared/rootkit_files.txt file at your ossec server. It will automatically update the rootcheck config for all your agents. … Continue reading →

Posted in ossec, rootkit | Leave a comment

OSSEC v1.1 BETA2 available

Posted on March 1, 2007 by danielcid

As a follow-up from my previous post about the BETA1, the second beta for version 1.1 is also available. It contains some bug fixes that were found on the previous beta and some code cleanup. You can download the Unix … Continue reading →

Posted in ossec | Leave a comment